Amarok CVE-2009-0135 and CVE-2009-0136
There is two different CVE IDs given to amarok's vulnerabilities: CVE-2009-0135 [1] CVE-2009-0136 [2] I beleive this DSA [3] is for the first CVE. Is there a need to patch the second one and if yes - what is the status of that process? 1: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0135 2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0136 3: http://lists.debian.org/debian-security-announce/2009/msg00013.html --- Henri Salo -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Amarok CVE-2009-0135 and CVE-2009-0136
Hi, * Henri Salo fg...@hack.fi [2009-01-19 17:13]: There is two different CVE IDs given to amarok's vulnerabilities: CVE-2009-0135 [1] CVE-2009-0136 [2] I beleive this DSA [3] is for the first CVE. Is there a need to patch the second one and if yes - what is the status of that process? Both fixed in 1.4.4-4etch1, the CVE ids were not known when this package was released. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgp7HheyeJ9nW.pgp Description: PGP signature